LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Postifx authenticate local users (https://www.linuxquestions.org/questions/linux-security-4/postifx-authenticate-local-users-4175564470/)

Patric.F 01-20-2016 03:07 AM
Postifx authenticate local users
 
Hi,

I need to setup an outgoing SMTP server using Debian and Postfix.
This server is Only for outgoing mail and nothing else.
I will have local users that will authenticate and send email only.

I get a bit of a headache when trying to figure this out.
I'm trying to get SASL and Postfix to work with authentication but I can't get it to work.

When I try this:
Code:
testsaslauthd -u test -p testpass
I get:
Quote:
0: OK "Success."
However when I try to do telnet and try the authentication I get this:
Quote:
root@smtpout:~# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 smtpout.domain.com ESMTP Postfix (Debian/GNU)
ehlo dummy
250-smtpout.domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH DIGEST-MD5 CRAM-MD5 NTLM PLAIN LOGIN
250-AUTH=DIGEST-MD5 CRAM-MD5 NTLM PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN dGVzdAB0ZXN0AHRlc3RwYXNz
535 5.7.8 Error: authentication failed: authentication failure
quit
221 2.0.0 Bye
In mail.log I get this:
Quote:
Jan 20 09:55:31 edith-smtpout postfix/smtpd[6091]: connect from localhost[::1]
Jan 20 09:55:35 edith-smtpout postfix/smtpd[6091]: warning: SASL authentication failure: Password verification failed
Jan 20 09:55:35 edith-smtpout postfix/smtpd[6091]: warning: localhost[::1]: SASL PLAIN authentication failed: authentication failure
Jan 20 09:55:38 edith-smtpout postfix/smtpd[6091]: disconnect from localhost[::1]
These are my configs:

main.cf:
Code:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = smtpout.domain.com, localhost.domain.com, , localhost
myhostname = smtpout.domain.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
/etc/default/saslauthd-postfix:
Code:
START=yes
DESC="SASL Auth. Daemon for Postfix"
NAME="saslauthd-postf"
MECHANISMS="shadow"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
I can't find much info on how to setup with local users and don't use Dovecot and MySQL etc.
Is there anyone that can help me with this?
If I just get the authentication to work I will be able to do the rest myself. I haven't done much in the TLS section yet as I want to get things working first.

Patric.F 01-27-2016 02:39 AM
I had forgot to create /etc/postfix/sasl/smtpd.conf with this content:

Code:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
Now it's working.


All times are GMT -5. The time now is 04:23 AM.